查詢結果分析
來源資料
頁籤選單縮合
題 名 | 發展電子商務系統網路之安全基礎環境=The Development of Public Key Infrastructure for Securing E-Commerce Systems Networks |
---|---|
作 者 | 曹偉駿; | 書刊名 | 管理與系統 |
卷 期 | 10:2 2003.04[民92.04] |
頁 次 | 頁227-243 |
專 輯 | 電子商務經營管理專輯 |
分類號 | 312.76 |
關鍵詞 | 公開金鑰基礎; 電子商務系統網路; 資訊安全; 橢圓曲線公開金鑰密碼系統; 自我認證公開金鑰密碼系統; Public key infrastructure; E-commerce systems networks; Information security; Elliptic curve cryptosystems; Self-certified public key cryptosystems; |
語 文 | 中文(Chinese) |
中文摘要 | 網路通訊安全為目前發展電子商務最重要的課題之一,尤其是對消費者而言,他(她)們絕不希望自己個人的隱私資料因為網路通訊的不安全而洩露出去。電子商務所提供的服務種類繁多,而每一類型的電子商務服務其所需要的安全機制也不盡相同;雖然目前在實務的設計上大多採用電子憑證為基礎(Certificate-based)的方式來處理相關的安全事宜,但是此作法有一個很重要的先決條件-系統認證中心須是誠實且必須保護金鑰目錄,另外在使用時還需額外增加驗證系統認證中心之簽章的步驟。在現實的環境中,其實我們並不能絕對認定系統憑證中心一定是誠實的,或者我們應該說,其實系統憑證中心也是有機會被駭客入侵的,故發展自我認證(Self-certified)的機制確有其必要性。所謂的自我認證是指交談的雙方僅需要靠雙方傳送一些公開的資訊,即可達成雙方身分的確認,而不需透過第三者來做保證或協調。本研究所欲發展的是電子商務系統網路的安全基礎環境,故除了安全層級的顧慮外,還必須兼顧安全機制運算上的效率。因橢圓曲線公開金鑰密碼系統較現存的其它公開金鑰密碼系統運算更快速,且以較少之位元數達到相同的安全度。因此,本研究欲發展出一套以橢圓曲線密碼系統為基礎的具自我認證公開金鑰系統,並以植基於橢圓曲線密碼系統的自我認證公鑰系統發展出:加/解密、交談金鑰、數位簽署/驗證簽署及鑑別加密法等安全機制,並將這些技術實際應用在電子商務系統網路,藉以提高其安全機制的效率,使即時性的安全線上電子商務網路成為可行的方案。總之,本研究目的在於發展出有效率之自我認證為基礎的安全機制,藉此可使電子商務系統網路之安全機制更臻於完備且更切實際,亦即使電子商務知識的管理更具保障與效率,以提昇使用者對電子商務網路使用上安全的信心。 |
英文摘要 | The network security is one of important issues in developing the electronic commerce. Users absolutely hope that their private data are not disclosed when they communicate with somebody on networks. The electronic commerce provides users with a variety of service, and each service may need various security schemes to protect its transaction procedure. At present, the certificate-based public key cryptosystem is implemented for managing security issues of the electronic commerce. However, it is assumed that the certificate authority must be trusty and protect the public key directory. In the practical environment, we may not completely trust the certificate authority is honest. In other words, the certificate authority may be exploited by intruders and wiretappers, and therefore the status will lead the system to insecurity. If the self-certified public key cryptosystem is developed, the above security hole will be avoided. The so-called self-certification is that the communicating users can authenticate each other using only the public information transmitted from each other instead of using a trusted third party. In this project, we will construct secure infrastructure of knowledge management networks of electronic commerce, so both security requirements and computation efficiency should be considered. Since the elliptic curve public key cryptosystem (ECC) is the most efficient among existing public key cryptosystems, we will develop the ECC-based self-certified public key cryptosystem in this project. Based on the proposed public key cryptosystem, we will also construct the security schemes of encryption/decryption, session key, digital signature, multi-signature, and conference key. Afterwards, we will apply the above proposed security scheme to evolve a secure knowledge management networks for electronic commerce. In summary, this project will develop an efficient self-certified public key cryptosystem that makes the knowledge management for electronic commerce more perfect and practical and increases the users’ confidence in enjoying the knowledge management networks service for electronic commerce. |
本系統中英文摘要資訊取自各篇刊載內容。